diff options
author | Ben Sima <ben@bsima.me> | 2019-05-07 14:13:46 -0700 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2019-05-07 14:13:46 -0700 |
commit | 3745e5c19acb77cbf287cc1d6ba0d0a08703e7f3 (patch) | |
tree | 59a17eee841072cc3b25555dcc0d87438cb86187 | |
parent | 479742da8a3c83d92997a31a4c58608a65ebc8af (diff) |
add helium and refactor lithium
-rw-r--r-- | common.nix | 3 | ||||
-rw-r--r-- | linux.nix | 4 | ||||
-rw-r--r-- | machines/helium.nix | 118 | ||||
-rw-r--r-- | machines/lithium.nix | 31 | ||||
-rw-r--r-- | machines/users.nix | 31 |
5 files changed, 153 insertions, 34 deletions
@@ -4,6 +4,7 @@ let homedir = builtins.getEnv "HOME"; locale = "en_US.UTF-8"; gpgid = "D09299626FA78AF8"; + gitCommitTemplate = ./git-commit-template; in { home = { @@ -78,7 +79,7 @@ in default = simple [commit] - template = ~/.config/nixpkgs/git-commit-template + template = ${gitCommitTemplate} [sendemail] smtpuser = ben@bsima.me @@ -66,7 +66,7 @@ in "bar/top" = { font-0 = "mononoki:size-10"; monitor = "\${env:MONITOR:eDP1}"; - monitor-fallback = "HDMI1"; + monitor-fallback = "\${env:MONITOR:eDP-1}"; width = "100%"; height = "2%"; radius = 0; @@ -178,13 +178,13 @@ in gpg-agent = { enable = true; + enableScDaemon = true; defaultCacheTtl = 72000; maxCacheTtl = 7200; enableSshSupport = true; verbose = true; extraConfig = '' allow-emacs-pinentry - #pinentry-program /home/ben/.nix-profile/bin/pinentry-tty ''; }; }; diff --git a/machines/helium.nix b/machines/helium.nix new file mode 100644 index 0000000..8bbeebc --- /dev/null +++ b/machines/helium.nix @@ -0,0 +1,118 @@ +{ config, lib, pkgs, ... }: + +{ + + networking = { + hostName = "helium"; + networkmanager.enable = true; + }; + + time.timeZone = "America/Los_Angeles"; + + environment.systemPackages = with pkgs; [ + wget + vnstat + ]; + + fonts.fonts = with pkgs; [ + google-fonts mononoki source-code-pro fantasque-sans-mono hack-font + fira fira-code fira-code-symbols + ]; + + nixpkgs = { + config = { + allowUnfree = true; + allowBroken = true; + }; + }; + + hardware = { + opengl.enable = true; + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-loopback + ''; + }; + }; + + programs = { + bash.enableCompletion = true; + command-not-found.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + mosh.enable = true; + }; + + services = { + pcscd = { + enable = true; + }; + + fractalart = { + enable = true; + }; + + logind = { + lidSwitch = "suspend"; + extraConfig = "IdleAction=lock"; + }; + + printing.enable = true; + + xserver = { + enable = true; + layout = "us"; + libinput.enable = true; + + displayManager.sddm.enable = true; + + desktopManager = { + plasma5.enable = true; + xterm.enable = true; + }; + }; + + vnstat.enable = true; + + # security stuff + fail2ban.enable = false; + clamav = { + daemon.enable = false; + updater.enable = false; + }; + }; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + powerManagement.enable = true; + + nix = { + gc = { + automatic = true; + dates = "03:15"; + }; + binaryCaches = [ "https://cache.nixos.org/" ]; + nixPath = [ + "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs" + "nixos-config=/etc/nixos/configuration.nix" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + extraOptions = '' + gc-keep-outputs = true + gc-keep-derivations = true + ''; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "19.03"; # Did you read the comment? + system.autoUpgrade.enable = true; + +} diff --git a/machines/lithium.nix b/machines/lithium.nix index 7ccc93c..9d2db53 100644 --- a/machines/lithium.nix +++ b/machines/lithium.nix @@ -3,9 +3,6 @@ let myIp = "68.107.97.20"; # hiddor-kahih gitDir = "/srv/git"; - benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"; - nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com"; - dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL"; in { @@ -97,11 +94,6 @@ in forwardX11 = true; }; - offlineimap = { - enable = true; - install = true; - }; - deluge = { enable = true; openFilesLimit = 10240; @@ -282,29 +274,6 @@ in }; }; - users = { - users = { - ben = { - isNormalUser = true; - home = "/home/ben"; - openssh.authorizedKeys.keys = [ "${benKey}" ]; - extraGroups = [ "wheel" "networkmanager" "docker" ]; - }; - nick = { - isNormalUser = true; - home = "/home/nick"; - openssh.authorizedKeys.keys = [ "${nickKey}" ]; - extraGroups = [ "docker" ]; - }; - dre = { - isNormalUser = true; - home = "/home/dre"; - openssh.authorizedKeys.keys = [ "${dreKey}" ]; - extraGroups = [ "docker" ]; - }; - }; - }; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/machines/users.nix b/machines/users.nix new file mode 100644 index 0000000..5d20b58 --- /dev/null +++ b/machines/users.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"; + nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com"; + dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL"; +in +{ + users = { + users = { + ben = { + isNormalUser = true; + home = "/home/ben"; + openssh.authorizedKeys.keys = [ "${benKey}" ]; + extraGroups = [ "wheel" "networkmanager" "docker" ]; + }; + nick = { + isNormalUser = true; + home = "/home/nick"; + openssh.authorizedKeys.keys = [ "${nickKey}" ]; + extraGroups = [ "docker" ]; + }; + dre = { + isNormalUser = true; + home = "/home/dre"; + openssh.authorizedKeys.keys = [ "${dreKey}" ]; + extraGroups = [ "docker" ]; + }; + }; + }; +} |